Awseye (pronounced o-zee 🦘🇦🇺) is an open-source intelligence (OSINT) and reconnaissance service that tracks and analyzes publicly accessible AWS data. It helps identify known and exposed AWS resources that might need attention, aiding cloud security professionals and researchers in their investigations.
All data in Awseye is gathered from publicly available sources such as GitHub, Pastebin, AWS APIs, and other locations where AWS metadata is exposed unintentionally or intentionally.
AWS accounts are just 12 digit numbers. In theory all AWS accounts will be enumerated eventually. If you see your account listed, it means that Awseye has found information about it somehow, sometimes merely by just existing. If your resources are listed, it means that their identifiers are either guessable or have been mentioned in a public place like Github. It does NOT mean that you've been hacked or will be hacked, it only implies that things exist.
There are various ways to use Awseye to achieve different goals. Most people type in their AWS account ID to see what is known about it. Note that if you search for a valid account, Awseye will then find some resourcess associated with it, like the root user which is present in every AWS account.
The database is searchable by the general public. The API and bulk data export are available to vetted paying customers. Plerion engineering staff have access to the database and the code used to generate it.
Awseye provides information that is already publicly accessible. It serves as a tool to help identify exposed resources so that AWS account owners can take necessary actions to secure their environments. Hackers could use this data, but they likely already have it. Awseye exists to even the playing field for defenders.
Probably nothing? If your AWS account or resources are listed, it indicates that information about them has become publicly known, but not necessarily anything more. If you want to be certain, we recommend reviewing the resources listed, verifying their configuration, and securing them if necessary. If you need assistance, Plerion operates a cloud security platform and offers a free trial to get you started.
Unfortunately, you can't make any assumptions based on the absence of information. It doesn't mean that attackers don't know about your accounts or resources. Awseye is not omniscient and doesn't have access to all data everywhere.
Awseye regularly scans public sources and updates its database frequently. Some sources are real-time, while others are updated monthly. The most common scan interval is 15 minutes.
Since the data Awseye collects is publicly available, removing it from the platform won’t affect its availability elsewhere. Instead, we recommend securing your resources directly to prevent them from being exposed.
No, Awseye is a project developed by Daniel Grzelak (UI by Manish Singh) and operated by Plerion. It is not affiliated with Amazon Web Services (AWS).
The best way to secure your AWS account is by following AWS’s security best practices. If you need assistance, Plerion operates a cloud security platform and offers a free trial to get you started.
We will eventually offer a service that requires verifying ownership of target accounts. Once set up, you will receive notifications when data about your accounts is added to Awseye.
Anyone can contribute data and suggest new data sources to add.